Cyber Security

US-CERT ALERT

(July 5, 2016) US-CERT (United States Computer Emergency Readiness Team) issues an alert that Symantec and Norton branded antivirus products contain multiple vulnerabilities that could allow a remote attacker to take control of an affected system.

(November 18, 2016) Symantec has released security updates to address the vulnerability above. Users and administrators are encouraged to review Symantec Security Advisory SYM16-021 and apply the necessary updates.

In 2014, IFERS' Team DESCARTES was one of the 104 teams registered with the Defense Advanced Research Projects Agency (DARPA) for the first-ever Cyber Grand Challenge (CGC). Only 28 teams made it through two DARPA-sponsored dry runs and into the CGC Qualifying Event. Our team was ranked #7 at the CGC Scored Event 2 in April 2015 (see Fig. 1) and #13 at the CGC Qualifying Event in June 2015.

Fig. 1: CGC Scored Event 2 Results in April 2015

Overview

For any given software vulnerability, the lengthy time window from initial bug report to widespread patch deployment puts cybersecurity analysts at a significant disadvantage. In many cases a race ensues between miscreants intending to exploit the vulnerability and analysts who must assess, remediate, test, and deploy a patch before significant damage can be done. We aim to create automatic defensive systems capable of reasoning about flaws, formulating patches and deploying them on a network in real time. By acting at machine speed and scale, new technologies will someday overturn today's attacker-dominated status quo.

How to Protect Your Business

In January 2016, the head of the NSA’s Tailored Access Program (TAO), Rob Joyce, spoke at the Usenix Enigma security conference. He offered insights into how highly funded advanced persistent threats only need our defenses down for a moment: those times when a vendor asks for a backdoor or ports to be opened, or when an administrator makes a mistake in a firewall. To learn how to protect your business, please email info@ifers.org.

Q&A with Mike Walker and Chris Eagle on Reddit: http://redd.it/277aih

Excerpt: Mike Walker: In April of 2014, insurers started selling insurance products that covered physical harm generated by cyber effects... In May of 2014, Sky News reported that over 42,000 London cars – nearly half of the cars stolen in the city of London – were stolen with hacking. The networked civilization we are building is going to need to be able to make strong promises about the safety of software, because it won’t just be guarding our data security – it will be guarding our physical security.... CGC is open technology development on the problem of software safety, a problem seen by the DoD – and everyone with a vested interest in our connected future.

April 16-17, 2015 CGC Scored Event 2: https://github.com/CyberGrandChallenge/Event-FAQ
DARPA reported that the agency had received over 4,768 submissions. Automated scoring was performed with each pass requiring 47.5 million test cases. Team DESCARTES is ranked #7 in the CGC Scored Event 2.

June 3-4, 2015 CGC Qualifying Event (CQE): https://github.com/CyberGrandChallenge/Event-FAQ/blob/master/event_faq.md
DARPA released 131 binary software packages, and competitor systems proved flaws in at least 76% of them. Out of 104 teams that had originally registered in 2014, 28 teams made it through two DARPA-sponsored dry runs and into the CGC Qualifying Event. Team DESCARTES is ranked #13 in the Qualifying Event.

August 4, 2016 CGC Final Event (CFE): http://www.bbc.com/news/technology-36980307
Mayhem, designed by team ForAllSecure from Carnegie Mellon University, won the DARPA Cyber Grand Challenge (CGC) at DEF CON 24 on August 4, 2016.